Block pages, custom text feature

Agree, the new option is a joke. It’s not a “custom block page,” just a way of adding some text to the existing. Actually a weird change by the Wordfence developers. I recall many of us asking for the ability to swap our own block page for the default, but I don’t recall much energy on adding text.

Please Wordfence, would it be so hard to simply have an option for us to use our own blocking page via a filename/url? Seems trivial.

MTN

Anyone new to Wordfence, the issue here is that the standard Wordfence page that tells a criminal they are blocked, also provides that same criminal with useful information. It’s ridiculous. MTN

@mountainguy2 – I think there are many reasons to change the messaging. While thwarting hacking attempts is an important one, there are others. Some of our clients have very large numbers of users and serve specific demographics. Some clients have as many as 60,000 users.

As you can imagine, the current messaging confuses them greatly and wastes a great deal of staff time. Adding a few tag lines at the bottom is not adequate. Especially when it appears to not allow any HTML (links?).

We are investigating 2 options:

1. Creating a plugin that does not require modification to WordFence code, so that it is maintainable.
2. Replacing WordFence with one or more alternate security plugins.

And of course updating our old 5 star review to reflect this problem and some others.

• This reply was modified 6 years, 6 months ago by Sonja London.

Forgot to mention – if we are successful in creating the plugin we will make it available to others. And our early proof of concept seems to work.

We also want an ability to provide our own page(s), preferably using conditionals and/or PHP.

Wordfence is clearly big enough to have its own plugin ecosystem. I already enhance Wordfence with a couple of third party plugins, one more would be fine, best wishes to you guys in your effort to develop plugin that’ll swap a custom block message. MTN

Thanks for your opinion. WFAlaa should gt back to you shortly.

Tim

@mountainguy2 – are the plugins you refer to changing WordFence functioning (fixing a shrtcoming) or adding to it (like another security plugin?

I already enhance Wordfence with a couple of third party plugins

Just adding to it. I was working on doing a Cpanel or WordPress cron that did a basic file writeover using PHP scripting, once a day or so, this would directly modify Wordfence core files that create the block pages. I ran out of time. A Cpanel cron would be best, the danged WordPress crons get loaded during _every_ WordPress page load, a ridiculous resource hog if one has many crons. MTN

Hi All,

Thanks @mountainguy2, @yet-another-wp-user and @summit for your feedback, your opinions really mater and I believe our current implementation which integrates custom text into the blocking page template along with other many features that were shared here on the forums proves that.

Three main points I want to clarify here please:

– Hackers don’t see the blocking page, only regular users do.

Hackers write custom scripts that crawl millions of websites looking for their target. They do not stop to look at block pages. They only see “403”, “503” or “200” server response while looking for their target to exploit. On the other hands regular users might get the blocking page directly on their browsers if they violated any of the firewall rules, as a result of that, not only users but also website owners might get confused regarding why that happened and that led us to the second point.

Another thing I want to mention on this point, if regular users have a couple of methods to know which plugin is running on your website (check the page source code, directly hit the plugin directory/readme.txt file in the browser) then you must be sure that hackers have a dozen ways to know that!

– Be concerned about what your website visitors see on your website.

We are concerned about that and you should be too. Getting blocked while surfing one of the pages on your website isn’t really a good experience, users must know what happened exactly that led to this. You, the web master, need to know which software is responsible for blocking (ModSecurity, Cloudflare, Wordfence or another one?). We get quite few tickets of website owners getting block pages that they thought were Wordfence related, although they were not.

– The blocking page isn’t a bandwidth hogger.

It’s roughly 8Kb in size, let’s say your website gets around 1K blocked page view per day, then that’s about 8MB daily. This is far less than you’d get if all those requests were loading the full WordPress site.

That said, your feedback is always welcomed and our team read, analyze and consider all opinions mentioned here on the forums.

Please note though that this is a forum for support for the Wordfence product. We do not recommend modifying Wordfence plugin files and we can not give support on issues that may arise after modifying Wordfence plugin files.

Thanks!